b'September 5, 2000\n\nPETER A. JACOBSON\nSENIOR VICE PRESIDENT,\n CHIEF TECHNOLOGY OFFICER\n\nSTEPHEN M. KEARNEY\nSENIOR VICE PRESIDENT,\n CORPORATE AND BUSINESS DEVELOPMENT\n\nRICHARD J. STRASSER, JR.\nACTING CHIEF FINANCIAL OFFICER\n AND EXECUTIVE VICE PRESIDENT,\n\nSUBJECT:\t Audit Report \xe2\x80\x93 USPS eBillPay Security and Privacy Issues (Report\n          Number EC-AR-00-001)\n\nThis report presents the results of our audit of the Postal Service\'s implementation of\nthe USPS eBillPay electronic bill presentment and payment system (Project Number\n00SR003EC000). The objective of our audit was to determine whether the Postal\nService met information systems security and federal privacy requirements prior to\nbringing the system online.\n\nWe concluded that the Postal Service did not: (1) perform a certification and\naccreditation of the USPS eBillPay system, (2) identify minimum security requirements\nin the agreement with CheckFree Corporation, and (3) publish notice of USPS eBillPay\nin the Federal Register. We made five recommendations addressing these issues.\nManagement generally agreed with our recommendations. Management\xe2\x80\x99s comments\nare included, in their entirety, in Appendix C.\n\nWe appreciate the cooperation and courtesies provided by your staff during the audit. If\nyou have any questions or need additional information, please contact Robert Batta,\ndirector, Electronic Commerce, or me at (703) 248-2300.\n\n\n//Signed//\nColleen A. McAntee\nActing Assistant Inspector General\n  for Audit\n\x0cAttachment\n\ncc: Richard D. Weirich\n    James L. Golden\n    John R. 
Gunnels\n\x0cUSPS eBillPay Security and                                          EC-AR-00-001\n Privacy Issues\n\n\n                             TABLE OF CONTENTS\nPart I\n\nExecutive Summary\n                                                     i\n\nPart II\n\nIntroduction                                                           1\n\n   Background                                                          1\n\n   Objective, Scope, and Methodology                                   2\n\n\nAudit Results                                                          4\n\n   Security Issues                                                     4\n\n   Recommendations                                                     7\n\n   Management\xe2\x80\x99s Comments                                               8\n\n   Evaluation of Management\xe2\x80\x99s Comments                                 8\n\n\n   Privacy Issues                                                      9\n\n   Recommendation                                                     10 \n\n   Management\xe2\x80\x99s Comments                                              10 \n\n   Evaluation of Management\xe2\x80\x99s Comments                                10 \n\n\nAppendix A. Security Certification and Accreditation Requirements     11 \n\nAppendix B. Comparison of Systems of Records                          13 \n\nAppendix C. Management\'s Comments                                     14 \n\n\x0cUSPS eBillPay Security and                                                        EC-AR-00-001\n Privacy Issues\n\n\n                                EXECUTIVE SUMMARY\nIntroduction \t               This report presents the results of our audit of the Postal\n                             Service\xe2\x80\x99s implementation of USPS eBillPay electronic bill\n                             presentment and payment service. 
The objective of our\n                             audit was to determine whether the Postal Service met\n                             information systems security and federal privacy\n                             requirements when implementing USPS eBillPay.\n\nResults in Brief\t            While the system sponsor obtained security assurances\n                             from CheckFree Corporation prior to implementing USPS\n                             eBillPay, we found that the Postal Service did not officially\n                             validate, through the existing certification and accreditation\n                             process, that the USPS eBillPay system is secure and will\n                             adequately protect Postal Service customer data. The\n                             Postal Service wanted to quickly bring the system to market\n                             and did not follow the existing certification and accreditation\n                             process because it would not facilitate expedited system\n                             release. The system sponsor also considered USPS\n                             eBillPay security a low risk because CheckFree Corporation\n                             had provided this type of service since 1997. In addition,\n                             the agreement between the Postal Service and CheckFree\n                             Corporation provides indemnification in the event\n                             CheckFree Corporation\xe2\x80\x99s safeguards prove insufficient;\n                             however, the agreement did not identify incident reporting\n                             and other minimum security requirements for system\n                             certification. 
The security of USPS eBillPay could be\n                             strengthened and the interests of the Postal Service could\n                             be better protected if the agreement also addressed\n                             vulnerability testing. To the Postal Service\xe2\x80\x99s credit, the\n                             security staff began the certification and accreditation\n                             review process shortly after system implementation.\n\n                             If the Postal Service had validated the assurances it\n                             received from CheckFree Corporation concerning the\n                             security of the system against its existing security\n                             requirements, it may have become aware of the likely\n                             threats or ways the system may be misused or how well the\n                             mechanisms used to provide protection operate.\n\n                             We also found that the Postal Service did not publish notice\n                             of USPS eBillPay in the Federal Register in accordance with\n                             Privacy Act requirements, even though sensitive customer\n                             data, such as social security numbers, checking account\n                             numbers, and bank routing numbers, are maintained in the\n\n\n\n                                                i\n\x0cUSPS eBillPay Security and                                                       EC-AR-00-001\n Privacy Issues\n\n\n                             USPS eBillPay "system of records." The Postal Service\n                             evaluated an existing \xe2\x80\x9csystem of records\xe2\x80\x9d and believed it\n                             covered USPS eBillPay. 
As a result, interested parties did\n                             not have notice of what sensitive data the Postal Service\n                             would be collecting, and were not provided the opportunity\n                             to submit written data, views, or arguments regarding the\n                             use of this information. To the Postal Service\xe2\x80\x99s credit, it\n                             subsequently drafted a new "system of records," covering\n                             USPS eBillPay to consider publishing in the Federal\n                             Register.\n\nSummary of                   We recommend the chief technology officer, in conjunction\nRecommendations              with the senior vice president, Corporate and Business\n                             Development, (a) develop a new process to document\n                             system security and meet the intent of system certification\n                             and accreditation to be used when partnering with\n                             companies operating commercial systems, (b) document\n                             any alternative security assurance processes and cross-\n                             reference those agreements to the existing certification and\n                             accreditation process, and (c) ensure the security\n                             assurance process includes participation from the National\n                             Information Systems Security office, and the Inspection\n                             Service.\n\n                             We also recommend the acting chief financial officer and\n                             executive vice president ensure the Privacy Act officer\n                             publish notice of any new system or major changes to an\n                             existing system in the Federal Register.\n\n                             Additionally, we recommend the senior vice 
president,\n                             Corporate and Business Development, hold discussions\n                             with CheckFree Corporation regarding additional\n                             assurances on how their current business practices meet\n                             Postal Service security requirements, to include security\n                             incident reporting and vulnerability testing.\n\nSummary of                   Management agreed with four of the five recommendations\nManagement\xe2\x80\x99s                 and their actions met the intent of the fifth recommendation.\nComments                     Management provided clarifying language on their review of\n                             CheckFree Corporation\xe2\x80\x99s system security. Management\'s\n                             comments, in their entirety, are provided in Appendix C.\n\n\n\n\n                                               ii\n\x0cUSPS eBillPay Security and                                                    EC-AR-00-001\n Privacy Issues\n\n\n\nEvaluation of                Management\xe2\x80\x99s comments were generally responsive. 
While\nManagement\xe2\x80\x99s                 management did not fully agree with the finding regarding\nComments                     the Certification and Accreditation of the USPS eBillPay\n                             system, actions taken or planned should address the issues\n                             raised in this report.\n\n\n\n\n                                              iii\n\x0cUSPS eBillPay Security and                                                                           EC-AR-00-001\n Privacy Issues\n\n\n                                            INTRODUCTION\nBackground \t                     Electronic commerce is one of the most significant threats\n                                 facing the Postal Service in its more than 200-year history.\n                                 The Postal Service projects that electronic commerce may\n                                 cause First-Class Mail revenue to decline by $33 billion\n                                 between years 2000 and 2008. To help generate revenue\n                                 and be competitive in the electronic marketplace, the Postal\n                                 Service initiated an electronic bill presentment and payment\n                                 service.1\n\n                                 In April 2000 the Postal Service signed an agreement with\n                                 CheckFree Corporation, and implemented USPS eBillPay.\n                                 USPS eBillPay allows consumers to pay their bills online\n                                 through a central, secure Internet web site. 
Figure 1\n                                 describes the bill payment service.\n\n\n\n\n                                                                                                     Figure 1\n\n\n                                 CheckFree Corporation owns and operates the system and\n                                 infrastructure that support USPS eBillPay (see Figure 2),\n                                 and offers its electronic billing and payment services\n                                 through more than 100 other companies. USPS eBillPay\n                                 maintains sensitive and Privacy Act data owned by the\n                                 Postal Service and, therefore, is subject to specific Postal\n                                 Service security and federal privacy requirements.\n\n\n\n\n1\n Electronic bill presentment and payment provides billers a new way to deliver bills and receive payments from\ncustomers and provides consumers an easy, secure, and convenient way to receive and pay their bills.\n\n\n\n                                                         1\n\x0cUSPS eBillPay Security and                                                                     EC-AR-00-001\n Privacy Issues\n\n\n\n\n                                                   - Access\n\n\n\n\n                                 Customer\n\n\n\n\n                                                                                  - Service\n\n                                             USPS eBillPay front-end\n                                                @ USPS.COM\n                                               NOTE: Over 100 other companies\n                                                     offer a front-end.\n\n\n\n\n                                                   - Service\n\n                                                                                USPS eBillPay System\n\n\n\n\n                                                              
Figure 2\n\n                             As an Internet service, USPS eBillPay presents security\n                             risks that do not exist in paper-based environments. The\n                             Internet allows companies to offer electronic commerce\n                             services to millions of users, leaving computer systems\n                             vulnerable to computer hackers. For example, hackers\n                             have stolen thousands of credit card numbers from\n                             electronic commerce sites during the last few years. The\n                             potential for financial losses from such thefts has raised the\n                             issue of financial liability for companies offering Internet\n                             services.\n\nObjective, Scope, and \t The objective of our audit was to determine whether the\nMethodology\t            Postal Service met information systems security\n                        requirements and federal privacy requirements when\n                        implementing USPS eBillPay. During our review, we\n                        interviewed Postal Service officials in headquarters and\n\n\n                                               2\n\x0cUSPS eBillPay Security and                                                    EC-AR-00-001\n Privacy Issues\n\n\n                             Raleigh, North Carolina; Inspection Service personnel; and\n                             CheckFree Corporation officials. 
We also reviewed relevant\n                             documentation from the Postal Service and CheckFree\n                             Corporation, Postal Service security and privacy policies,\n                             and the Privacy Act of 1974.\n\n                             We conducted our audit between April and August 2000 in\n                             accordance with generally accepted government auditing\n                             standards and included such tests of internal controls as\n                             were considered necessary under the circumstances. We\n                             discussed our conclusions and observations with\n                             appropriate management officials and included their\n                             comments, where appropriate.\n\n\n\n\n                                              3\n\x0cUSPS eBillPay Security and                                                        EC-AR-00-001\n Privacy Issues\n\n\n                                     AUDIT RESULTS\nSecurity Issues              While the system sponsor obtained security assurances\n                             from CheckFree Corporation prior to implementing USPS\n                             eBillPay, we found that the Postal Service did not officially\n                             validate, through the existing certification and accreditation\n                             process, that the USPS eBillPay system is secure and will\n                             adequately protect Postal Service customer data. 
In\n                             addition, although the agreement between the Postal\n                             Service and CheckFree Corporation provides\n                             indemnification in the event CheckFree Corporation\xe2\x80\x99s\n                             safeguards prove insufficient, the agreement did not identify\n                             incident reporting and other minimum security requirements\n                             for system certification. The agreement also does not\n                             address vulnerability tests, which could help strengthen the\n                             security of USPS eBillPay and better protect the interests of\n                             the Postal Service. To the Postal Service\xe2\x80\x99s credit, the\n                             security staff began the certification and accreditation review\n                             process shortly after system implementation.\n\nSecurity Certification\t      Management instruction AS-850-97-3 Security Certification\nand Accreditation \t          and Accreditation of Sensitive Application and Systems\n                             requires the Postal Service to certify and accredit all\n                             sensitive computer systems before putting them into\n                             production. Certification is an independent analysis of the\n                             management, technical, and operational security controls\n                             used to determine whether the system meets security\n                             requirements. Accreditation occurs after certification and is\n                             the official management authorization that appropriate\n                             security controls have been implemented to operate the\n                             system. 
The current certification process has\n                             37 management, operational, and technical control security\n                             requirements with associated standards that must be met\n                             before the Postal Service can accredit a system (see\n                             Appendix A). Examples of these requirements include:\n\n                                \xe2\x80\xa2\t Obtaining security clearances for all personnel\n                                   working on the system.\n                                \xe2\x80\xa2\t Performing a risk assessment on the system.\n                                \xe2\x80\xa2\t Testing the security of a system.\n                                \xe2\x80\xa2\t Establishing a security plan that addresses security\n                                   requirements.\n\n\n\n\n                                               4\n\x0cUSPS eBillPay Security and                                                                          EC-AR-00-001\n Privacy Issues\n\n\n                                 While the Postal Service obtained security assurances from\n                                 CheckFree Corporation, we found that the Postal Service\n                                 did not certify and accredit USPS eBillPay in accordance\n                                 with existing Postal Service requirements before bringing it\n                                 online. The security assurances included CheckFree\n                                 Corporation\xe2\x80\x99s Statement of Accounting Standards No. 
702\n                                 and an indemnification clause in the agreement in the event\n                                 CheckFree Corporation\xe2\x80\x99s safeguards proved insufficient.\n\n                                 If the Postal Service had validated the assurances it\n                                 received from CheckFree Corporation concerning the\n                                 security of the system against its existing security\n                                 requirements, it may have become aware of the likely\n                                 threats or ways the system may be misused or how well the\n                                 mechanisms used to provide protection operate.\n\n                                 The Postal Service did not follow the existing certification\n                                 and accreditation process because it wanted to bring the\n                                 system to market quickly. In addition, the system sponsor\n                                 considered USPS eBillPay security a low risk because\n                                 CheckFree Corporation had provided this type of service\n                                 since 1997. Thus, the system sponsor made a business\n                                 decision to focus on the operational, logistical, and legal\n                                 aspects of USPS eBillPay and agreed to perform the\n                                 certification after system implementation.\n\n                                 We recognize that CheckFree Corporation\xe2\x80\x99s system may\n                                 have been in operation for some time and have security\n                                 measures in place that may meet some Postal Service\n                                 requirements. 
However, the Postal Service should have\n                                 considered all aspects of its security and privacy\n                                 requirements for protecting customer data in addition to the\n                                 assurances provided by CheckFree Corporation and\n                                 included the National Information Systems Security office\n                                 earlier in the process.\n\n                                 We also recognize that the management instruction applies\n                                 to systems developed for and by the Postal Service, and\n                                 that it does not specifically address existing systems\n                                 operated by private corporations which partner with the\n                                 Postal Service. However, it is the only guidance the Postal\n                                 Service has in place to ensure the security functions of a\n\n2\n In 1993, the Auditing Standard Board of the American Institute of Certified Public Accountants issued Statement of\nAccounting Standards No. 
70 (SAS 70), \xe2\x80\x9cReports on the Processing of Transactions by Service Organizations,\xe2\x80\x9d which\nprovides guidance to companies that outsource accounting tasks to service organizations.\n\n\n\n                                                        5\n\x0cUSPS eBillPay Security and                                                                         EC-AR-00-001\n Privacy Issues\n\n\n                                 system are sufficient to protect the system and its\n                                 information, and that implementation decisions are made in\n                                 full consideration of Postal Service security requirements\n                                 and standards.\n\nPost Implementation \t            After official notification of USPS eBillPay implementation,\nActions \t                        the National Information Systems Security office and the\n                                 Inspection Service began assessing security as part of the\n                                 certification and accreditation process. 
They found:\n\n                                 \xe2\x80\xa2\t While Postal Service certification requirements indicate\n                                    that no one should work on a system until they receive\n                                    the proper security clearance, at least 600 CheckFree\n                                    Corporation employees without the required security\n                                    clearances have access to Postal Service customer\n                                    data.3\n\n                                 \xe2\x80\xa2\t Despite the Postal Service\xe2\x80\x99s certification requirement\n                                    that all security incidents be reported, there are no\n                                    procedures in place for CheckFree Corporation to notify\n                                    the Postal Service of security incidents.\n\n                                 \xe2\x80\xa2                                                                            4\n\n\n\n                                                                         .\n\nSecurity Requirements In reviewing the agreement between the Postal Service and\nin the Agreement with CheckFree Corporation, we determined security\nCheckFree Corporation requirements, as detailed in the agreement, were not\n                      sufficient to protect the Postal Service\xe2\x80\x99s interests and\n                      customer data. The agreement provides indemnification to\n                      the Postal Service in the event CheckFree Corporation\xe2\x80\x99s\n                      safeguards prove insufficient; however, the agreement did\n                      not identify incident reporting and other minimum security\n                      requirements for system certification. 
The agreement also\n                      does not address vulnerability tests which could help\n                      strengthen the security of USPS eBillPay and better protect\n                      the interests of the Postal Service. Therefore, the Postal\n                      Service may not be able to require CheckFree Corporation\n3\n  All CheckFree Corporation employees undergo background checks, credit checks, and drug testing. The Inspection\nService is currently in the process of working with CheckFree Corporation to determine which of its employees have\naccess to USPS eBillPay and, therefore, will require a security clearance. In addition, the Inspection Service is\ndetermining whether CheckFree Corporations clearance procedures are adequate to meet the intent of the Postal\nService\'s security requirements.\n4\n  A set of related programs, located at a network gateway server, that protects the resources of a private network\nfrom users from other networks.\n\n\n\n                                                        6\n\x0cUSPS eBillPay Security and                                                        EC-AR-00-001\n Privacy Issues\n\n\n                             to meet minimum requirements for security of data, system\n                             access, telecommunications, networks, software, and\n                             personnel.\n\n                                           ,\n\n\n                                                         .\n\n                             In addition to the alliance agreement, the Postal Service\n                             provided us its draft security exhibit for review and comment\n                             after it implemented USPS eBillPay. 
In our May 2000\n                             response, we concluded that while security issues were\n                             generally addressed, clearer and specific criteria and\n                             requirements should be added to the exhibit. Specifically,\n                             the exhibit did not address or reference Postal Service\n                             internal security policies, standards, and procedures that\n                             CheckFree Corporation should follow. We also observed\n                             the exhibit only addressed physical security and suggested\n                             the Postal Service incorporate minimum security\n                             requirements in the exhibit. These would include security of\n                             data, system access, telecommunications, networks, and\n                             software security as well as training, personnel security, and\n                             other specific security requirements.\n\nRecommendations              We offer the following recommendations.\n\n                             We recommend that the senior vice president, chief\n                             technology officer, in conjunction with the senior vice\n                             president, Corporate and Business Development,\n\n                                1. Develop a new process to document system security\n                                   and meet the intent of system certification and\n                                   accreditation to be used when partnering with\n                                   companies operating commercial systems.\n\n                                2. 
Until a new process is developed, document any\n                                   alternative security assurance processes and cross-\n                                   reference those agreements to the existing\n                                   certification and accreditation process.\n\n                                3. Ensure the security assurance process includes\n                                   participation from the National Information Systems\n                                   Security office, and the Inspection Service.\n\n\n\n\n                                               7\n\x0cUSPS eBillPay Security and                                                        EC-AR-00-001\n Privacy Issues\n\n\n                             We further recommend the senior vice president, Corporate\n                             and Business Development,\n\n                                4. Hold discussions with CheckFree Corporation\n                                   regarding additional assurances on how their current\n                                   business practices meet Postal Service security\n                                   requirements, to include security incident reporting\n                                   and vulnerability testing.\n\nManagement\xe2\x80\x99s                 Management agreed with the recommendations and stated\nComments                     they were already using eBillPay to help develop an\n                             alternative process.\n\n                             Management also stated that while they did not use the\n                             certification and accreditation process to officially validate\n                             CheckFree\xe2\x80\x99s system, they did perform an initial assessment\n                             of CheckFree\xe2\x80\x99s system which revealed that CheckFree\n                             adhered to high security standards sufficient to protect\n                             
Postal Service data.\n\n                             Management\'s comments, in their entirety, are included in\n                             Appendix C.\n\nEvaluation of                Management asserts that their initial assessment of\nManagement\xe2\x80\x99s                 CheckFree\xe2\x80\x99s system revealed that CheckFree adhered to\nComments                     high security standards sufficient to protect Postal Service\n                             data. However, management could not provide sufficient\n                             documentation to support this assessment, nor\n                             documentation to support the business decision to bypass\n                             the existing certification and accreditation process.\n                             Additionally, management\xe2\x80\x99s rationale for bypassing the\n                             existing certification and accreditation process only came to\n                             light during draft report discussions, and, therefore, the new\n                             information provided in support of their verbal assessment\n                             was not validated during this review. However, we\n                             considered management\xe2\x80\x99s actions, taken and planned,\n                             responsive to the issues raised in this finding.\n\n\n\n\n                                               8\n\x0cUSPS eBillPay Security and                                                      EC-AR-00-001\n Privacy Issues\n\n\n\nPrivacy Issues \t             We also found that the Postal Service did not publish notice\n                             of USPS eBillPay in the Federal Register in accordance with\n                             Privacy Act requirements. 
This occurred because the Postal Service believed an existing, published
"system of records" (Marketing Records) met the Privacy Act requirements.
To the Postal Service's credit, it drafted a new "system of records"
(Customer Records) specifically covering USPS eBillPay to consider
publishing in the Federal Register.

The Privacy Act of 1974 requires agencies to publish notice in the Federal
Register of any new "system of records" or changes in an existing "system
of records" at least 30 days before the system becomes operational. It also
requires that interested persons have an opportunity to submit written
data, views, or arguments to the agency. In addition, pursuant to this act,
the Postal Service's Administrative Support Manual requires that when an
agency (a) expands the types or categories of information maintained in a
"system of records" or (b) alters the purpose for which the information is
used, it must publish the "system of records" in the Federal Register
before implementation.

In comparing Marketing Records with Customer Records, Customer Records
expanded the categories of information and changed the purpose of the
system.
Only two categories (customer name and address) were similar between the
two "systems of records," and Customer Records added nine additional
categories of information, including social security numbers, checking
account numbers, bank routing numbers, etc. The purpose of Customer
Records was to provide electronic billing and payment services to Postal
Service customers, which was not covered in Marketing Records. A list of
categories of information and a description of the purpose of each
"system of records" is included in Appendix B.

Because the Postal Service did not provide notice in the Federal Register,
interested parties did not have an opportunity to learn what information
the Postal Service would be collecting, and to submit written data, views,
or arguments regarding the use of this information. As the Postal Service
competes in the electronic marketplace, it is even more exposed to public
scrutiny and possible criticism by competitors and other organizations.
This potentially puts the Postal Service's reputation for public trust at
risk.

Recommendation

We recommend the acting chief financial officer and executive vice
president,

5. Ensure the Privacy Act officer publishes notice of any new system or
   major changes to an existing system in the Federal Register.

Management's Comments

Management agreed with the intent of this recommendation and stated they
continue to believe that it was appropriate and legally sufficient to rely
on the existing system of records for Marketing Records as the basis for
Privacy Act compliance for USPS eBillPay. Management further stated that a
new system of records was drafted specifically for USPS eBillPay to meet
perceived public concern about the routine uses prescribed for the
Marketing Records system of records.

Evaluation of Management's Comments

Management's actions meet the intent of the recommendation.

APPENDIX A. SECURITY CERTIFICATION AND ACCREDITATION REQUIREMENTS

APPENDIX B.
COMPARISON OF SYSTEMS OF RECORDS

Categories of Information

NOTE: Items marked with an asterisk (*) are the categories that are similar
in both systems of records.

Marketing Records (Existing)                  Customer Records (Draft)
--------------------------------------------  ----------------------------------------
• Customer name and address *                 • Customer name and address *
• Customer profile and telephone number       • Home and work phone number
• Description of items ordered and prices     • Date of birth
• Payment type                                • Driver's license number
• Credit card payment information             • Social security number
• Order fulfillment information               • E-mail address
• Inquiries on status of orders               • Service billing information (checking
                                                account number and bank routing number)
• Claims submitted for defective merchandise  • Service user name/ID and password
• Lists identifying individuals who have      • Consumer's bills registered with the
  submitted bad checks                          service
                                              • Bill detail
                                              • Bill summaries

Purpose

Marketing Records (Existing)                  Customer Records (Draft)
--------------------------------------------  ----------------------------------------
Operate a subscription service of services    Provide electronic billing and payment
for customers who remit money for a           services to postal customers.
particular product or products.
Maintain a file to send product
announcements and sales literature to
customers or subscribers.
Serve as a source for statistical data for
research and market analysis, billing and
inventory data, and mailing basis for
product shipment.
Identify discrete groups of
customers/subscribers for better order
control and service.

APPENDIX C. MANAGEMENT'S COMMENTS

Major Contributors to This Report